Re: [p2pi] One more proposed definition of fairness...

Joe Touch <touch@ISI.EDU> Mon, 09 June 2008 05:44 UTC

Return-Path: <p2pi-bounces@ietf.org>
X-Original-To: p2pi-archive@ietf.org
Delivered-To: ietfarch-p2pi-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3D19F28C0FA; Sun, 8 Jun 2008 22:44:51 -0700 (PDT)
X-Original-To: p2pi@core3.amsl.com
Delivered-To: p2pi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6B71C28C0FA for <p2pi@core3.amsl.com>; Sun, 8 Jun 2008 22:44:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.556
X-Spam-Level:
X-Spam-Status: No, score=-2.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jZGDpMLQnZYR for <p2pi@core3.amsl.com>; Sun, 8 Jun 2008 22:44:49 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 3CD7128C0E7 for <p2pi@ietf.org>; Sun, 8 Jun 2008 22:44:49 -0700 (PDT)
Received: from [127.0.0.1] (pool-71-106-109-69.lsanca.dsl-w.verizon.net [71.106.109.69]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id m595fx4f025117 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 8 Jun 2008 22:42:01 -0700 (PDT)
Message-ID: <484CC2A5.6050105@isi.edu>
Date: Sun, 08 Jun 2008 22:41:57 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
References: <06BEE447-3D17-45D0-A73B-E248C3141F51@ICSI.Berkeley.EDU> <484C1958.2010900@isi.edu> <8719C03C-9EC9-482B-9536-1784F95DC8A8@ICSI.Berkeley.EDU>
In-Reply-To: <8719C03C-9EC9-482B-9536-1784F95DC8A8@ICSI.Berkeley.EDU>
X-Enigmail-Version: 0.95.6
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: p2pi@ietf.org
Subject: Re: [p2pi] One more proposed definition of fairness...
X-BeenThere: p2pi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: P2P Infrastructure Discussion <p2pi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/p2pi>, <mailto:p2pi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/p2pi>
List-Post: <mailto:p2pi@ietf.org>
List-Help: <mailto:p2pi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2pi>, <mailto:p2pi-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1818393673=="
Sender: p2pi-bounces@ietf.org
Errors-To: p2pi-bounces@ietf.org


Nicholas Weaver wrote:
> 
> On Jun 8, 2008, at 10:39 AM, Joe Touch wrote:
>> Nicholas Weaver wrote:
>>> (Buried in a previous mail, but I'd like comments on this separately)
>>> How does the following sound as one possible ideal goal for user- 
>>> fairness:
>>> "Mechanisms to enable the network to enforce traffic such that, in 
>>> the  presence of congestion, a user's congestion control response 
>>> becomes  equivalent to aggregating all traffic from that user into a 
>>> single TCP  stream."
>>
>> See the Congestion Manager or RFC2140 ;-)
>>
>> This is easy to do at the end system, but, AFAICT, impossible to 
>> accomplish anywhere else (users will just grab multiple IP addresses, 
>> e.g.) - or worse, involves violating TCP (or, equivalently, won't work 
>> on encrypted/authenticated streams).
> 
> 
> I'm a security person.  I have to assume the end systems don't behave 
> right.  But I actually don't think it is impossible to enforce in the 
> network for the local users' ISP.
...
> EG, the ISP can at a single bidirectional point in the network 
> (admittedly keeping lots of state, but...) for a large group of users 
> infer the congestion on each TCP flow,...

That's the point, however, where things stop when someone uses encrypted 
transport layers.

...
> Yes, this is a LOT of engineering work to get right [1], but I believe 
> it is doable, and could accomplish the stated definition of fairness (or 
> something very close to it).

A key question is whether it's worth the state it will take to get 
right. An endpoint might open a few thousand flows just to help overload 
your system ;-)

> Furthermore, you can resist the attacks you mentioned.  Because the ISP 
> can prevent the user from minting new IP addresses (as they control the 
> point of attachment), this prevents address forging.

Sure - the local ISP can prevent that. You can't prevent someone 
accessing multiple ISPs (cable, DSL, etc.), but presumably you don't 
care about that?

Joe

_______________________________________________
p2pi mailing list
p2pi@ietf.org
https://www.ietf.org/mailman/listinfo/p2pi